213 matches found
Publify has Improper Access Controls
A low-privileged user can modify and delete admin articles by changing the value of the articleid parameter prior to 9.2.9...
GHSA-3HWX-C6CP-Q972 Publify vulnerable to cross site scripting
Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained...
Publify vulnerable to cross site scripting
Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained...
Cross site scripting in publify
Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained...
Cross site scripting in publify
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with 'publisher' role to inject malicious JavaScript via the uploaded html file...
Cross site scripting in publify
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a 'publisher' role is able to inject and execute arbitrary JavaScript code while creating a page/article...
Improper Access Control in publify
A low-privileged user can modify and delete admin articles just by changing the value of the articleid parameter prior to 9.2.9...
CVE-2022-1811
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...
CVE-2022-1811
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...
CVE-2022-1811 Unrestricted Upload of File with Dangerous Type in publify/publify
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9...
CVE-2022-1811
CVE-2022-1811 applies to Publify/Publify prior to 9.2.9. The vulnerability is an unrestricted upload of a file with a dangerous type due to insufficient validation of uploaded files in the application, enabling potential remote code execution. Affected software: Publify (GitHub repo publify/publi...
CVE-2022-1810
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...
CVE-2022-1810
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...
Authorization
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...
CVE-2022-1810 Authorization Bypass Through User-Controlled Key in publify/publify
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...
Publify 访问控制错误漏洞
Publify is a simple but full-featured web publishing software.An access control error vulnerability exists in versions of Publify prior to 9.2.9, which stems from incorrect access control. An attacker could exploit this vulnerability to allow an unprivileged user to modify/delete an administrator...
CVE-2022-1810 Authorization Bypass Through User-Controlled Key in publify/publify
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9...
Publify 代码问题漏洞
Publify is a simple but full-featured web publishing software.An arbitrary file upload vulnerability exists in versions of Publify prior to 9.2.9, which stems from the application's lack of validation of uploaded files. An attacker could exploit this vulnerability to upload malicious files to...
CVE-2022-1810
CVE-2022-1810 affects Publify/publify before 9.2.9, where an authorization bypass is possible through a user-controlled key. The issue concerns access control of admin content, enabling a low-privilege user to modify/delete administrator posts. Affected product: Publify web publishing software. R...